CVE-2023-45984
https://notcve.org/view.php?id=CVE-2023-45984
16 Oct 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/setLanguageCfg.md • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write
CVE-2023-36947
https://notcve.org/view.php?id=CVE-2023-36947
16 Oct 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/UploadCustomModule.md • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write
CVE-2023-36950
https://notcve.org/view.php?id=CVE-2023-36950
16 Oct 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the http_host parameter in the function loginAuth. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/loginauth.md • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write
CVE-2023-45985
https://notcve.org/view.php?id=CVE-2023-45985
16 Oct 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. • https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/setParentalRules.md • CWE-787: Out-of-bounds Write
CVE-2023-33486
https://notcve.org/view.php?id=CVE-2023-33486
31 May 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter. • https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/3 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-33487
https://notcve.org/view.php?id=CVE-2023-33487
31 May 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setDiagnosisCfg. This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter. • https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/4 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-33485
https://notcve.org/view.php?id=CVE-2023-33485
31 May 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a post-authentication buffer overflow via the sPort/ePort parameters in the addEffect function. • https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/5 • CWE-787: Out-of-bounds Write
CVE-2023-30013 – TOTOLINK Wireless Routers Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-30013
05 May 2023 — TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. • https://packetstorm.news/files/id/174799 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-27004
https://notcve.org/view.php?id=CVE-2022-27004
15 Mar 2022 — Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. • https://github.com/wudipjq/my_vuln/blob/main/totolink/vuln_31/31.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-27005
https://notcve.org/view.php?id=CVE-2022-27005
15 Mar 2022 — Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. • https://github.com/wudipjq/my_vuln/blob/main/totolink/vuln_30/30.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')